WordPress Security Scanning

With WordPress powering over 30% of the internet and a plugin ecosystem that allows anyone to write software which will execute code on your server, it’s no wonder that it’s become a popular target for hackers. As part of our Vulnerability Scanning service – which already checks for thousands of known software and configuration vulnerabilities for all major software products and operating systems – we now also test over 10,000 known WordPress vulnerabilities.

Test are made against the core version of WordPress installed, the theme in use and all plugins.

Once a vulnerability has been identified, we provide you with as much information as possible, including links to how vulnerabilities can be exploited, which version is vulnerable and if the version you’re using is out of date and needs updating.

How to setup WordPress Security Scanning

We automatically detect if your website is using WordPress when performing a web app vulnerability scan. You can set up a Vulnerability Scan by using the generic Add wizard in the top menu bar. The wizard takes you through the configuration required.

Once you have configured the websites for your scan, you have the option to either run the scan now or to schedule the scan to run daily, weekly, monthly, quarterly or annually.

Vulnerability Scanning

Receiving WordPress Security Scanning Alerts

In its default state, the scans you have configured will run and not provide any alerts regarding the findings. You can however, create alerts for the scans.

Navigate to the Alerts Section and then you will find Vulnerability Scanner Rules under Security.

Vulnerability Scanning

You can see from the above that no rules have been enabled for the above scan. Clicking Add New Rule will allow you to add a rule.

Vulnerability Scanning

Rules enable you to choose the conditions for when you are alerted. You can set up rules to alert based on increasing severity. Low (and above) will alert you if any vulnerabilities are found. High will only alert when a High/Severe vulnerability is detected.

How do I get started?

Vulnerability Security scans are available as an add-on with any paid RapidSpike plan. Just sign up for an account and then visit the Plan & Billing > Upgrades screen to purchase credits to run your scans.

Like most add-ons, scan credits are paid for monthly. Credits are available in packs of 4 (once a week), 16 (every couple of days) and 31 (daily). Alternatively, speak to our friendly team to arrange a custom plan with as many credits as you need.

Not yet a customer? You can trial our Vulnerability scan software for free by requesting a trial today.